PT-2018-14616 · Semcms · Semcms
Published: 2018-10-28 · Updated: 2018-12-04
CVE-2018-18738
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SEMCMS version 3.4
Description
A cross-site scripting (XSS) issue was found, allowing potential exploitation through the category key parameter in the "admin/SEMCMS Categories.php" endpoint, specifically when the parameters pid=1 and lgid=1 are used.
Recommendations
For SEMCMS version 3.4, consider restricting access to the vulnerable admin/SEMCMS Categories.php endpoint until a patch is available, and avoid using the category key parameter in this context to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Semcms